Prevent access to local IPs of the ISP's router

Hello everyone!
I bought a GLinet router to be able to use it as a “vlan” or “NAT”, where devices connecting to the GLiNet can only communicate with each other by their local GLiNet IPs and isolate the local router IPs from the ISP.

But it is not working that way, for example:

A laptop connected to the GLiNet router that is assigned the local IP can still access the local IP of a PC connected to the Internet provider’s router (

How can I prevent any device connected to the GLiNet router from being able to access devices connected to the ISP’s router, without losing Internet on the GLiNet router?

Or can’t this configuration be done? Thanks for your help.

Pls try the following iptables command, suppose your gateway is
Put these command in customized filed of luci.

 iptables -I FORWARD -i br-lan -d -j DROP
 iptables -I FORWARD -i br-lan -d -j ACCEPT

Just curious. Why would you need internet to the router if you then stop all the clients from accessing it.

This worked! Thank you!

For those who do not know where they have to put this code this is the steps:

In the GLiNet Panel, go to MORE SETTINGS :arrow_right: Advanced

From there open Luci, the root password is the same as the one to access the GLiNet Panel.

In Luci will Network :arrow_right: Firewall :arrow_right: Custom Rules

In the final part add iptables rules

A company has this need. It wants to give remote access to several devices to some employees but they do not want it to access the devices connected to the ISP’s router, because they have a local server on that router that is only used by management.
Let’s say that this local server is located on the local IP the employee connected to the device on the GLiNet router that has the local IP could access the local server ( and this could not happen because it would access the data on the local server.
Therefore, all local ports on the ISP’s router needed to be blocked for employees using devices on the GLiNet router.
In the end it was achieved with @EddieA solution, in this case the GLiNet router is running as a vlan.